Thursday, August 29, 2019

relayd: "listen on egress" only listens to IPv4 and not IPv6

Hi misc@,

I have relayd running on my -current machine which does reverse proxies along
with TLS relays for various programs and it seems when using "listen on egress",
it only listens to IPv4 and doesn't listen to IPv6.

In httpd, this is not the case; when using "listen on egress" it listens to both
IPv4 and IPv6.

Since I require SNI, I'm using the new "tls keypair" feature and it seems if I
have multiple listens it results in the following error:

/etc/relayd.conf:33: cannot load certificates for relay https2:443

Even though there's "tls keypair" clearly indicating which certificates to use.

My -current system is dated 25-08-2019.

Here's some more relevant information:

% dmesg | head

OpenBSD 6.6-beta (GENERIC) #236: Sun Aug 25 13:46:21 MDT 2019
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

% cat /etc/relayd.conf

...
relay "https" {
	listen on egress port 443 tls

	protocol "reverse_proxy"

	forward to <local_httpd> port 80
	...
}
...

% netstat -nat | grep LISTEN

...
tcp 0 0 xx.xx.xx.xx.443 *.* LISTEN
...

Thanks.
